At Alden Hosting we eat and breathe Java! We are the industry leader in providing
affordable, quality and efficient Java web hosting in the shared hosting marketplace.
All our sites run on our Java hosing platform configured for
optimum performance using Java 1.6, Tomcat 6, MySQL 5, Apache 2.2 and web
application frameworks such as Struts, Hibernate, Cocoon, Ant, etc.

We offer only one type of Java hosting - Private Tomcat. Hosting accounts on the Private
Tomcat environment get their very own Tomcat server. You can start and re-start
your entire Tomcat server yourself.

In this trail you'll learn how the built-in
Java™ security features protect you
from malevolent programs. You'll see how to use tools to control access to
resources, to generate and to check digital signatures,
and to create and to manage
keys needed for signature generation and checking. You'll also see how to
incorporate cryptography services, such as digital signature generation
and checking, into your programs.

The security features provided by the Java Development Kit
(JDK™)
are intended for a variety of audiences:

Users running programs:

Built-in security functionality protects you from malevolent
programs (including viruses),
maintains the privacy of your files and information about you,
and authenticates the identity of each code provider.
You can subject applications and applets to security
controls when you need to.

Developers:

You can use API methods to incorporate security functionality into
your programs, including cryptography services and
security checks.
The API framework enables you to define and integrate your own
permissions (controlling access to specific resources),
cryptography service implementations, security manager implementations,
and policy implementations.
In addition, classes are provided for management of your
public/private key pairs and
public key certificates from people you trust.

Systems administrators, developers, and users:

JDK tools manage your keystore (database of keys and certificates);
generate digital signatures for JAR files,
and verify the authenticity of such signatures
and the integrity of the signed contents; and
create and modify the policy
files that define your installation's security policy.

Trail Lessons

Quick Tour of Controlling Applets
shows how resource accesses,
such as reading or writing a file,
are not permitted for unsigned applets unless
explicitly allowed by a permission in a policy file.

Quick Tour of Controlling Applications
builds on the previous lesson, showing that when applications
are run under a security manager, resource accesses may be
controlled in exactly the same way as for unsigned applets.

API and Tools Use for Secure Code and File Exchanges
defines digital signatures, certificates, and keystores and discusses why they are needed.
It also reviews information applicable to the next three lessons
regarding the steps commonly needed for using the tools or the API to generate
signatures, export/import certificates, and so on.

Signing Code and Granting It Permissions
illustrates the use of all the security-related tools.
It shows the steps that a developer would take
to sign and to distribute code for others
to run. The lesson also shows how someone
who will run the code (or a system administrator)
could add an entry in a policy file
to grant the code permission for the resource accesses it needs.

Exchanging Files
shows use of the tools by one person to sign an important document, such as a
contract, and to export the public key certificate for the public key
corresponding to the private key used to sign the contract.
Then the lesson shows how another person,
who receives the contract, the signature, and
the public key certificate, can import the
certificate and verify the signature.

Generating and Verifying Signatures
walks you step by step through an example of writing a Java
program using the JDK Security API to generate keys, to generate a digital signature for data using the private key, and to export the public key and the signature to files.
Then the example shows writing a second program, which may be expected to run on a different person's computer, that imports the public key and verifies the authenticity of the signature.
Finally, the example discusses potential weaknesses of the
approach used by the basic programs and demonstrates possible alternative approaches and methods of supplying and importing keys, including in certificates.

At Alden Hosting we eat and breathe Java! We are the industry leader in providing
affordable, quality and efficient Java web hosting in the shared hosting marketplace.
All our sites run on our Java hosing platform configured for
optimum performance using Java 1.6, Tomcat 6, MySQL 5, Apache 2.2 and web
application frameworks such as Struts, Hibernate, Cocoon, Ant, etc.

We offer only one type of Java hosting - Private Tomcat. Hosting accounts on the Private
Tomcat environment get their very own Tomcat server. You can start and re-start
your entire Tomcat server yourself.